Adding an application firewall rule to both private and public networks via win7 FirewallAPI
Solution 1
My answer is from David's answer but more detail. And fix problem about setting Localports. You need to setting Protocol before setting Localports. More detail is bellow:
the first, you need to import reference FirewallAPI.dll. It's in "C:\Windows\System32\FirewallAPI.dll" then:
using NetFwTypeLib;
and insert code into your:
Type tNetFwPolicy2 = Type.GetTypeFromProgID("HNetCfg.FwPolicy2");
INetFwPolicy2 fwPolicy2 = (INetFwPolicy2)Activator.CreateInstance(tNetFwPolicy2);
var currentProfiles = fwPolicy2.CurrentProfileTypes;
// Let's create a new rule
INetFwRule2 inboundRule = (INetFwRule2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
inboundRule.Enabled = true;
//Allow through firewall
inboundRule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
//Using protocol TCP
inboundRule.Protocol = 6; // TCP
//Port 81
inboundRule.LocalPorts = "81";
//Name of rule
inboundRule.Name = "MyRule";
// ...//
inboundRule.Profiles = currentProfiles;
// Now add the rule
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
firewallPolicy.Rules.Add(inboundRule);
Solution 2
I think your best bet is to talk to the Windows Firewall with Advanced Security API.
A quick google for "C# INetFwRule2" will show you numerous examples of how to register or update a Firewall rule.
In order to add to both public and private policies i've used something along the lines of
Type tNetFwPolicy2 = Type.GetTypeFromProgID("HNetCfg.FwPolicy2");
INetFwPolicy2 fwPolicy2 = (INetFwPolicy2)Activator.CreateInstance(tNetFwPolicy2);
var currentProfiles = fwPolicy2.CurrentProfileTypes;
// Let's create a new rule
INetFwRule2 inboundRule = (INetFwRule2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
inboundRule.Enabled = true;
inboundRule.LocalPorts = "1234";
inboundRule.Protocol = 6; // TCP
// ...
inboundRule.Profiles = currentProfiles;
// Now add the rule
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
firewallPolicy.Rules.Add(inboundRule);
Solution 3
This page doesn't say this has been answered and is old, so just in case, for future use, I'll answer this.
First, import reference FirewallAPI.dll, located at "C:\Windows\System32\FirewallAPI.dll", then add the using directive
using NetFwTypeLib;
The inboundRule.Profiles
property seems to be classified as a set of flags with the following values (the property's type is an int, so i made an enum):
public enum FirewallProfiles
{
Domain = 1,
Private = 2,
Public = 4
}
So, with that code, we can change the Profiles to the following:
// Create a new rule
INetFwRule2 inboundRule = (INetFwRule2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwRule"));
// Enable the rule
inboundRule.Enabled = true;
// Allow through firewall
inboundRule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
// Using protocol TCP
inboundRule.Protocol = 6; // TCP
// Set port number
inboundRule.LocalPorts = "1234";
// Name of rule
inboundRule.Name = "Name Of Firewall Rule";
// Set profiles
inboundRule.Profiles = (int)(FirewallProfiles.Private | FirewallProfiles.Public);
// Add the rule
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
firewallPolicy.Rules.Add(inboundRule);
Or you could change inboundRule.Profiles
to an int value.
Two notes:
1: If you don't run this code under administrative privilege's,
firewallPolicty.Rules.Add(inboundRule);
will throw an exception.
2: inboundRule.Profiles
must be between values 1 and 7. Otherwise, it will throw an exception
Solution 4
Just in case you guys want Outbound rule:
inboundRule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT;
Oyiwai
Updated on July 09, 2022Comments
-
Oyiwai almost 2 years
A little background: Basicaly I'd like to add a program firewall access rule to both private and public networks.
I used to use this- "netsh firewall add allowedprogram program= "Path.." name=AppName ENABLE scope=ALL profile=CURRENT"
But now I'd like to automate the proccess a little using a COM object. Found this shiny piece of code - http://web.archive.org/web/20070707110141/http://www.dot.net.nz/Default.aspx?tabid=42&mid=404&ctl=Details&ItemID=8
And after implementing the class I've been trying to use- FirewallHelper.Instance.GrantAuthorization(@"Path... ","AppName ",NET_FW_SCOPE_.NET_FW_SCOPE_ALL,NET_FW_IP_VERSION_.NET_FW_IP_VERSION_ANY);
The problem I'm facing is that the GrantAuthorization method will only add a rule for the public OR private network whereas my old netsh command would 2 rules for- 1 for each network.
The commands actually seems very similar so it is kinda buffling to me.
So... how to add both network rules?
Shaun